Role-base access control is important. For example, on an application level, to ensure data security, a MICROSOFT WINDOWS administrator (e.g., user Tom) may have privileges to modify (e.g., delete) files created by other regular users (e.g., users Jane and Jerry); but not vice versa. For another example, on a device level, to control content access, a parent may restrict content his/her children can review on a smart TV.
Difficulties abound, however. One technical problem is that, application level and device level role-base access controls are often detached from those at a database level, and thus rendered either unenforceable or inapplicable. For example, a front-end data processing application (e.g., a HR management software application) may be developed independently (e.g., provided by vendor 1) from a backend database (e.g., provided by vendor 2); As a result, user roles (e.g., an HR manger, a full time employee, a part time intern) defined and implemented in the HR management application may not be able to support access control to the backend employee information database.
In fact, for ease of integration, different user roles defined in the front-end data processing application sometimes share the same database access privileges (e.g., those granted to a database system admin).
These approaches may be problematic: database level access controls become highly dependent on application level access controls, rendering the backend database susceptible to breaches.
There is therefore a need for improved techniques to provide integrated role-based access control.